How segmented is my network?
arXiv:2602.10125v1
Abstract: Network segmentation is a popular security practice for limiting lateral movement, yet practitioners lack a metric to measure how segmented a network actually is. We model a network as a graph and study segmentedness as a property captured by the global edge density that can be estimated from sampled node pairs. Then, we derive an estimator and evaluate its uncertainty using confidence intervals. For a 95% confidence interval with a margin of error of $\pm 0.1$, we show that a minimum of $M=97$ sampled node pairs is sufficient. This result is independent of the total number of nodes in the network, provided that node pairs are sampled uniformly at random. We validate the estimator through Monte Carlo simulations on Erdős–Rényi and stochastic block models, demonstrating accurate estimation and well-behaved coverage. Finally, we discuss applications of the estimator, such as baseline tracking, zero trust assessment, and merger integration.
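The sampling idea in the abstract, as an added example that is not the paper's own code: it assumes the standard normal-approximation (Wald) interval with worst-case $p = 0.5$, which reproduces $M=97$, and treats node pairs as unordered. The function names, the `reachable` oracle (in practice a connectivity probe or firewall-policy lookup) and the block-model parameters are hypothetical.

```python
import math
import random
from statistics import NormalDist

def min_pairs(margin, confidence=0.95):
    """Worst-case (p = 0.5) sample size for a normal-approximation interval."""
    z = NormalDist().inv_cdf(0.5 + confidence / 2)
    return math.ceil(z * z * 0.25 / margin ** 2)

def sample_pairs(n, m, rng):
    """Draw m unordered node pairs (u < v) uniformly at random from n nodes."""
    return [tuple(sorted(rng.sample(range(n), 2))) for _ in range(m)]

def estimate_density(pairs, reachable, confidence=0.95):
    """Return (estimate, ci_low, ci_high) for the global edge density."""
    z = NormalDist().inv_cdf(0.5 + confidence / 2)
    m = len(pairs)
    p = sum(1 for u, v in pairs if reachable(u, v)) / m
    # The Wald half-width collapses to 0 when p is exactly 0 or 1.
    half = z * math.sqrt(p * (1 - p) / m)
    return p, max(0.0, p - half), min(1.0, p + half)

def make_sbm(n, blocks, p_in, p_out, rng):
    """Constructed stochastic block model: dense inside a segment, sparse across."""
    edges = set()
    for u in range(n):
        for v in range(u + 1, n):
            same = (u % blocks) == (v % blocks)
            if rng.random() < (p_in if same else p_out):
                edges.add((u, v))
    return edges

if __name__ == "__main__":
    rng = random.Random(2026)  # fixed seed so the constructed network is repeatable
    n = 400
    edges = make_sbm(n, blocks=8, p_in=0.9, p_out=0.02, rng=rng)
    m = min_pairs(0.1)
    pairs = sample_pairs(n, m, rng)
    p, lo, hi = estimate_density(pairs, lambda u, v: (u, v) in edges)
    true_p = len(edges) / math.comb(n, 2)
    print(f"M={m} true={true_p:.3f} est={p:.3f} CI=[{lo:.3f}, {hi:.3f}]")
```

A lower estimate means fewer node pairs can reach each other, so the same sampling run repeated over time gives a baseline for detecting segmentation drift.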